Hello,
I use a form to accept a value for a variable, $new_title.
I insert it into my database...
$new_title = addslashes($new_title);
$sql = "INSERT INTO articles (title) VALUES('$new_title')";
$result = mysql_query($sql);
Later, I retrieve it...
$sql2 = "SELECT title FROM articles WHERE articleID='4'";
$result2 = mysql_query($sql2);
$query_data2=mysql_fetch_array($result2);
I then use the retrieved value to populate my form:
<td><input name="new_title" type="text" size="50" value="<?php echo stripslashes($query_data2['title']);?>"></td>
This all works fine until I deliberately (as part of general testing) included quotation marks in $new_title, i.e. "A Short Story" - the form input field was not populated, but remained blank. When I took out the quotation marks, it worked fine again.
What am I doing wrong? I thought "addslashes" and "stripslashes" would have prevented this. Thanks for any pointers.
